- URL: https://[root]/portals/[portalID]/idp/federation/register (POST only)
Example usage
Below is a sample ArcGIS Online POST request for the register operation:
POST /sharing/rest/portals/0123456789ABCDEF/idp/federation/register HTTP/1.1
Host: org.arcgis.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

name=My SAML federation&discoveryServiceUrl=https://discovery.example.com&metadataServiceUrl=https://metadata.example.com&entityId=org.maps.arcgis.com&certificate=...&userCreditAssignment=-1&groups=6dc1a6f134b44ebb8d1f1b55f0ad8753&signUpMode=Automatic&roleId=org_user&level=&userLicenseType=editorUT&userType=arcgisonly&f=pjson
Below is a sample ArcGIS Enterprise POST request for the register operation:
POST /webadaptor/sharing/rest/portals/0123456789ABCDEF/idp/federation/register HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

name=My SAML federation&discoveryServiceUrl=https://discovery.example.com&metadataServiceUrl=https://metadata.example.com&entityId=org.domain.com&certificate=...&userCreditAssignment=-1&groups=6dc1a6f134b44ebb8d1f1b55f0ad8753&signUpMode=Automatic&roleId=org_user&level=&userLicenseType=editorUT&userType=arcgisonly&f=pjson
Description
The register federation operation (POST only) allows an organization administrator to configure enterprise logins using a SAML-based federation of identity providers. An organization can be set up using either a single IDP or a federation, not both.
Request parameters
Property | Details |
---|---|
name | The SAML federation name. Example
|
discoveryServiceUrl | SAML federation discovery service URL. Example
|
metadataServiceUrl | SAML federation aggregate metadata service URL. Example
|
certificate | Base64-encoded certificate text used to validate the metadata service, enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. |
entityId | Entity ID used to identify the organization in SAML federation. Example
|
userCreditAssignment | The specific credit allocation for each joining member, or -1 to use the default organization limit. This is used when the organization has credit budgeting enabled. |
groups | An array of groups that members are added to upon joining the organization, used when signUpMode is Automatic. Example
|
encryptionSupported | If true, it indicates to SAML federation that encrypted SAML assertion responses are supported. The default value is false. Values: true | false |
supportSignedRequest | If true, your organization signs the SAML authentication request sent to the IDP federation. The default value is false. Values: true | false |
supportsLogoutRequest | If true, signing out of the organization prompts logout of the IDP. The default value is false. Values: true | false |
updateProfileAtSignin | If true, user account information (full name and email address) stored in either ArcGIS Online or ArcGIS Enterprise is automatically synced with the information received from the IDP. The default value is false. Values: true | false |
updateGroupsAtSignin | If true, enables SAML-based group membership that allows organization members to link specified SAML-based enterprise groups to your organization's groups during group creation. The default is false. Values: true | false |
signUpMode | Determines how enterprise members join the organization: automatically or through an invitation. Values: Automatic | Invitation |
roleId | The default role members are assigned, used when signUpMode is Automatic. |
level | Note: This parameter has been deprecated as of ArcGIS Enterprise 10.7 and the December 2018 release of ArcGIS Online. Users should instead use the userLicenseType parameter below. The default license level members are assigned. This is used when signUpMode is Automatic. |
userLicenseType | Default user license type members are assigned, used when signUpMode is Automatic. |
userType | Determines if new members will have Esri access (both) or if Esri access will be disabled (arcgisonly). The default value is arcgisonly. Note: While this parameter only applies to ArcGIS Online, the value for this parameter will still be passed through in ArcGIS Enterprise requests for this operation. This will have no impact on your ArcGIS Enterprise organization. Values: arcgisonly | both |
f | The response format. The default format is html. Values: html | json | pjson |
Response properties
Property | Details |
---|---|
success | Indicates if the operation was successful. |
federationId | The ID of the organization identity federation. |
JSON Response example
The following demonstrates a returned success response:
{
  "success": true,
  "federationId": "J55ajJJ7MsY1QoQs"
}
The following demonstrates a returned error message:
{
  "error": {
    "code": 400,
    "message": "Unable to register Federation",
    "details": [
      "'discoveryServiceUrl' must be specified.",
      "'metadataServiceUrl' must be specified."
    ]
  }
}
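
The following is an added example, not Esri's code: it checks register parameters against the request parameter table before sending, URL-encodes the body so the `+`, `/`, `=` and line breaks in the PEM certificate survive form encoding, and reads the success and error responses shown above. The function names, the https-only rule and treating `certificate` as mandatory are assumptions of this example; authentication and the HTTP call itself are left out.

```python
import json
from urllib.parse import urlencode, urlsplit

PEM_BEGIN, PEM_END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
ENUMS = {"signUpMode": {"Automatic", "Invitation"},
         "userType": {"arcgisonly", "both"},
         "f": {"html", "json", "pjson"}}
BOOLS = ("encryptionSupported", "supportSignedRequest", "supportsLogoutRequest",
         "updateProfileAtSignin", "updateGroupsAtSignin")

# Constructed sample input; the certificate body is filler, not a real certificate.
SAMPLE = {
    "name": "My SAML federation",
    "discoveryServiceUrl": "https://discovery.example.com",
    "metadataServiceUrl": "https://metadata.example.com",
    "entityId": "org.maps.arcgis.com",
    "certificate": PEM_BEGIN + "\nMIIB+constructed/filler==\n" + PEM_END,
    "signUpMode": "Invitation",
    "supportSignedRequest": "true",
    "f": "json",
}

def build_register_body(params):
    """Check params against the request parameter table, then URL-encode them."""
    problems = []
    for key in ("discoveryServiceUrl", "metadataServiceUrl"):
        url = urlsplit(params.get(key, ""))
        if url.scheme != "https" or not url.netloc:  # https-only: this example's policy
            problems.append(f"'{key}' must be an https URL")
    cert = params.get("certificate", "").strip()
    if not (cert.startswith(PEM_BEGIN) and cert.endswith(PEM_END)):
        problems.append("'certificate' must be enclosed in the PEM BEGIN/END lines")
    for key, allowed in ENUMS.items():
        if key in params and params[key] not in allowed:
            problems.append(f"'{key}' must be one of {sorted(allowed)}")
    for key in BOOLS:
        if key in params and params[key] not in ("true", "false"):
            problems.append(f"'{key}' must be true or false")
    if problems:
        raise ValueError("; ".join(problems))
    # urlencode percent-encodes '+', '/', '=' and newlines inside the PEM text
    return urlencode(params)

def parse_register_response(text):
    """Return federationId on success; raise with the server's details on error."""
    doc = json.loads(text)
    if "error" in doc or not doc.get("success"):
        err = doc.get("error", {})
        details = " ".join(err.get("details", []))
        raise RuntimeError(f"{err.get('code')} {err.get('message')}: {details}")
    return doc["federationId"]
```

An unencoded `+` in the certificate would be decoded as a space by the server, so the metadata-signing certificate it stores would not match the one you intended to register.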